According to the US Department of Justice (DOJ) and the FBI, Kosovo citizen Ardit Ferizi allegedly hacked into the US web hosting company's servers and stole personal data of more than 1,300 US government and military employees.
Ferizi didn't use the stolen data for identity theft; instead he allegedly handed the hacked information over to Junaid Hussain (also known as Abu Hussain Al Britani), an ISIS member and hacker who was killed in a US drone strike in August.
The stolen data includes names, email addresses, passwords, phone numbers and locations of US military service members and government workers.
Hacker May Face up to 35 Years in Prison
Moreover, Ferizi also accessed customers' information from an unknown US Internet retailer, thereby obtaining credit card data on around 100,000 customers, according to a federal indictment unsealed in Virginia.
Ferizi, who was detained in Malaysia by local authorities, now faces extradition to the United States to face charges. If convicted, Ferizi could face more than 35 years in prison.
"This case is a first of its kind and with these charges, we seek to hold Ferizi accountable for his theft of this information and his role in (ISIS) targeting of U.S. government employees," John P.Carlin, Assistant Attorney General for National Security said in a statement.
The Most Careless Hacker Ever
Ferizi can probably be described as the most careless hacker ever for most of the reasons:
- He used his real name on the Twitter account.
- Instead of using Direct Messages, He used to communicate with ISIS members openly tweeting at them.
- He never tried to hide his real IP address.
Ferizi, an alleged leader of the Kosova Hacker's Security (KHS) hacking group, allegedly used Twitter (@Th3Dir3ctorY) to communicate with Hussain and another ISIS member, named Tariq Hamayun (Abu Muslim Al-Britani).
Moreover, when Ferizi allegedly hacked into the unnamed US company's servers, he logged in using the account name as KHS, which the FBI guessed was the abbreviation of Ferizi's hacking collective, 'Kosova Hackers Security.'
Ferizi was living in Malaysia on a student visa and was studying at the Limkokwing University of Creative Technology in Cyberjaya, Malaysia. And if convicted, he could face up to 35 years in jail.